Openssh for Windows

Corinna Vinschen vinschen at redhat.com
Tue Jul 29 18:40:19 EST 2008


On Jul 29 10:17, Corinna Vinschen wrote:
> On Jul 29 09:12, Harald Dunkel wrote:
> > Corinna Vinschen wrote:
> > > On Jul 28 16:33, Harald Dunkel wrote:
> > >> You might want to consider to use Microsoft's Services For Unix.
> > >> A nice OpenSSH implementation (client and server, including
> > >> public-key authentications!) is provided by Interopsystems. Some
> > > 
> > > Cygwin supports pubkey since at least OpenSSH 2.1.0p3, back in 2000.
> > > 
> > 
> > Surely I don't want to goof on Cygwin, but you mean you can
> > login via ssh on a remote Windows XP host without being asked
> > for a password? Within an LDAP environment, including your
> > home directory on a remote network drive?
> > 
> > Maybe I missed some trick hidden too deep in the documentation,
> > but I never made this work with Cygwin's ssh (in 2006). AFAICR
> > sshd was not running with the appropriate rights to read the
> > user's .ssh directory on a remote share, and there was no "regpwd"
> > tool as there is for Interix.
> 
> You can use password-less authentication and Cygwin will create
> a user token for your user.  This user token has no credentials for
> network access because you only get that when using password
> authentication.  The result is that you only get your remote home dir
> after logging in by using `net use share /user:domain\user password',
> thus explicitly authenticating against the sharing server.

Btw., if you only need pubkey authentication for a single account, you
can do that in Cygwin by running sshd under that account.  In this case,
there's no actual user context switch, just the authentication part.
This has an obvious advantage.  Since sshd is already running as that
user, the user token has all credentials for accessing the required
network drives.  And, you don't have to run sshd under a privileged
account if you don't feel comfortable doing that on Windows.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat


More information about the openssh-unix-dev mailing list